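2015-06-02: Details reported to the vendor; awaiting vendor handling
2015-06-02: Vendor confirmed; details disclosed to the vendor only
2015-06-12: Details disclosed to core white hats and experts in related fields
2015-06-22: Details disclosed to regular white hats
2015-07-02: Details disclosed to intern white hats
2015-07-17: Details disclosed to the public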
SVN leak on an eLong site exposes source code; database account can be obtained
SVN leak:
http://ssl.elong.com/hotel2/.svn/entries
<?php
if(!defined('IN_ELONGSDK')) {
    exit('Access Denied');
}
$_SC = array();

// Database configuration
$_SC['dbhost'] = '211.151.230.166'; // server address
$_SC['dbuser'] = 'lohoo'; // user
$_SC['dbpw'] = 'lohoonopass123'; // password

// Database configuration
$_SC['dbhost'] = '127.0.0.1'; // server address
$_SC['dbuser'] = 'root'; // user
$_SC['dbpw'] = 'root'; // password
$_SC['dbcharset'] = 'utf8'; // character set
$_SC['pconnect'] = 0; // whether to use persistent connections
$_SC['dbname'] = 'elongsdk'; // database
$_SC['charset'] = 'utf-8'; // page character set

// Application configuration
$_SC['gzipcompress'] = 0; // enable gzip
$_SC['template'] = ''; // template directory
$_SC['timeoffset'] = 8; // time zone offset
$_SC['gzipcompress'] = 0; // whether to enable gzip
$_SC['lang'] = "cn"; // language: cn, en
$_SC['lang_num'] = "2"; // set to 2 when both Chinese and English versions are deployed; with 2, domain/en/ is the English version; default is 1

// Partner configuration
$_SC['elongcard'] = '617265612'; // agent card number assigned by elong
$_SC['orderfrom'] = '5062'; // orderfrom value assigned by elong
$_SC['agencyid'] = 'AP0016114'; // agent ID assigned by elong
$_SC['api_user'] = 'AP0016114'; // API user name assigned by elong
$_SC['api_password'] = 'AP0016114'; // API password assigned by elong
$_SC['endpoint'] ='http://114-svc.elong.com/NorthBoundService/V1.1/NorthBoundAPIService.asmx?WSDL';
$_SC['fanli'] ='http://jump.fanli.qq.com/redirect.php?mall_id=10043&force_login=1&login_type=1&show_page=0';
//test api server
//$_SC['endpoint'] ='http://192.168.9.24/newNorthBoundService/V1.1/NorthBoundAPIService.asmx?WSDL';
//test api server//test
//$_SC['endpoint'] ='http://211.151.230.209/NewNorthBoundService/V1.1/NorthBoundAPIService.asmx?WSDL';
$_sc['timeout'] =30; // API timeout

// Site parameters (Chinese version)
$_SC['web_url'] = "http://go.qq.com/"; // site domain
$_SC['local_url'] = "http://qq.elong.com";
$_SC['web_name'] = ""; // site name
$_SC['web_tel'] = "4006-997788"; // booking phone number
$_SC['web_beian'] = ""; // ICP filing number
$_SC['apiorder'] = 0; // 0: link to elong to complete the booking; 1: complete the booking through the API
$_SC['book'] = '酒店预订'; // navigation city

// Landmark categories
$pointtypes = array(
    '1'=>'景点',
    '2'=>'主题',
    '3'=>'交通',
    '4'=>'医院',
    '5'=>'商企行政',
    '7'=>'生活服务',
    '8'=>'购物',
    '9'=>'餐馆',
    '10'=>'学校',
);
$urlcode=urlencode("http://".$_SERVER ['HTTP_HOST'].$_SERVER['PHP_SELF']."?".$_SERVER['QUERY_STRING']);
?>
Delete the .svn folder
Severity: Medium
Vulnerability Rank: 8
Confirmation time: 2015-06-02 15:40
Confirmed, thank you
None yet
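The fix given in the report is to delete the .svn folder. As an added example (not part of the original report and not eLong's code), the following Python audits a deployment tree for version-control metadata, reports how many pristine source copies each directory holds, and removes it. The `hotel2` directory name comes from the reported URL; the `config.php` file name and the sample tree are constructed for illustration.

```python
import os
import shutil
import sys

VCS_DIRS = {".svn", ".git", ".hg"}  # metadata directories that must not ship

def svn_layout(meta_dir):
    """Classify a .svn directory by working-copy format."""
    if os.path.isfile(os.path.join(meta_dir, "wc.db")):
        return "svn>=1.7"   # single SQLite wc.db plus pristine/ store
    if os.path.isfile(os.path.join(meta_dir, "entries")):
        return "svn<1.7"    # per-directory entries file plus text-base/
    return "svn-unknown"

def find_vcs_metadata(docroot):
    """Return one finding per VCS metadata directory under docroot."""
    findings = []
    for current, dirs, _files in os.walk(docroot):
        for name in sorted(d for d in dirs if d in VCS_DIRS):
            meta = os.path.join(current, name)
            # Pristine copies (*.svn-base) are full source files that a web
            # server returns as static text instead of executing them.
            pristine = sum(f.endswith(".svn-base")
                           for _, _, fs in os.walk(meta) for f in fs)
            findings.append({
                "path": os.path.relpath(meta, docroot),
                "layout": svn_layout(meta) if name == ".svn" else name[1:],
                "pristine_copies": pristine,
            })
        dirs[:] = [d for d in dirs if d not in VCS_DIRS]  # do not descend
    return sorted(findings, key=lambda f: f["path"])

def remove_vcs_metadata(docroot):
    """Delete every metadata directory found; return the paths removed."""
    removed = [f["path"] for f in find_vcs_metadata(docroot)]
    for rel in removed:
        shutil.rmtree(os.path.join(docroot, rel))
    return removed

def build_sample_tree(root):
    """Constructed sample: an old-format working copy deployed as-is."""
    svn = os.path.join(root, "hotel2", ".svn")
    os.makedirs(os.path.join(svn, "text-base"))
    for path in (os.path.join(root, "hotel2", "config.php"),
                 os.path.join(svn, "entries"),
                 os.path.join(svn, "text-base", "config.php.svn-base")):
        open(path, "w").close()

if __name__ == "__main__":
    print(find_vcs_metadata(sys.argv[1] if len(sys.argv) > 1 else "."))
```

Deploying from `svn export` rather than copying a checkout keeps the metadata out of the web root in the first place.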